Lucene search

K
ubuntucveUbuntu.comUB:CVE-2016-5728
HistoryJun 27, 2016 - 12:00 a.m.

CVE-2016-5728

2016-06-2700:00:00
ubuntu.com
ubuntu.com
16
race condition
vop driver
linux kernel
local users
sensitive information
denial of service
memory corruption

CVSS2

5.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:P/I:N/A:C

CVSS3

6.3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H

EPSS

0

Percentile

5.1%

Race condition in the vop_ioctl function in
drivers/misc/mic/vop/vop_vringh.c in the MIC VOP driver in the Linux kernel
before 4.6.1 allows local users to obtain sensitive information from kernel
memory or cause a denial of service (memory corruption and system crash) by
changing a certain header, aka a “double fetch” vulnerability.

Notes

Author Note
jdstrand android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support
OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchlinux< 3.13.0-95.142UNKNOWN
ubuntu16.04noarchlinux< 4.4.0-36.55UNKNOWN
ubuntu12.04noarchlinux-lts-trusty< 3.13.0-95.142~precise1UNKNOWN
ubuntu14.04noarchlinux-lts-vivid< 3.19.0-68.76~14.04.1UNKNOWN
ubuntu14.04noarchlinux-lts-xenial< 4.4.0-36.55~14.04.1UNKNOWN
ubuntu16.04noarchlinux-raspi2< 4.4.0-1021.27UNKNOWN
ubuntu16.04noarchlinux-snapdragon< 4.4.0-1024.27UNKNOWN

CVSS2

5.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:P/I:N/A:C

CVSS3

6.3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H

EPSS

0

Percentile

5.1%